A previously undocumented macOS infostealer has surfaced during our routine threat hunting. Malwarebytes Labs researchers initially tracked it as NukeChain, but shortly before publication, the malware’s operator panel became publicly visible, revealing its real name: Infiniti Stealer.
This malware is designed to steal sensitive data from Macs. It spreads through a fake CAPTCHA page that tricks users into running a command themselves: a technique known as ClickFix. Instead of exploiting a bug, it relies on social engineering. The final payload is written in Python and compiled with Nuitka, producing a native macOS binary. That makes it harder to analyze and detect than typical Python-based malware. To our knowledge, this is the first documented macOS campaign combining ClickFix delivery with a Nuitka-compiled Python stealer.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UAE: Up to 100 people arrested by police for filming drone or missile strikes
March 14, 2026
Up to 100 people have been arrested by police in the UAE for filming drone or missile strikes, it emerged this morning. Abu Dhabi Police alone have arrested 45 people of multiple nationalities for filming various locations amid current ongoing events and posting clips on social media. In neighbouring Dubai, at least 21 people, including a ...
- Google patches two Chrome zero-days under active attack
March 13, 2026
Update March 16, 2026 Earlier this week, Google incorrectly reported that an actively exploited vulnerability in Chrome had been fixed, and has now announced it will roll out a new update to protect users against the vulnerability tracked as CVE-2026-3909. Original content: Google has released an out-of-band security update for Chrome desktop that patches two high‑severity ...
- Swedish government IT system hacked
March 13, 2026
A large amount of sensitive information allegedly coming from a Swedish government IT system has been posted on the darknet, according to Dagens Nyheter and Expressen. DN writes that the newspaper has taken note of the leak and that it appears to contain the source code for a digital identity management system used by several authorities. ...
- Poland investigates Iran links behind cyberattack on nuclear facility
March 12, 2026
Poland is looking into whether an attempted cyberattack on a nuclear research facility was carried out by Iran, the government said on Thursday. The country’s digital minister Krzysztof Gawkowski said in an emailed statement that Poland had “identified an attempted cyberattack on the servers of the National Centre for Nuclear Research,” which authorities had thwarted. He ...
- Telus probes cybersecurity incident that ‘ShinyHunters’ group claims responsibility for
March 12, 2026
Canadian telecommunications and business services firm Telus is investigating a cybersecurity incident involving unauthorized access to some of its systems, a company spokesperson said on Thursday. The ShinyHunters hacking group told Reuters in a message it stole at least 700 terabytes of data from Telus. All business operations within the company “remain fully operational, and there ...
- CISA warns max-severity n8n bug is being exploited in the wild
March 12, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n. CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score. The bug was first disclosed in December, and ...